-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HttpBearerAuth with preflight request #8134
Comments
Add 'options' to public function behaviors()
{
return [
'bearerAuth' => [
'class' => \yii\filters\auth\HttpBearerAuth::className(),
'except' => ['options']
],
];
} |
This doesn't work as OPTION is type of request, that browser sends on the same url as original request |
I meant the order of Authentication and Cors filter. Cors must be before Auth to handle the OPTIONS request. |
Order is correct, but Cors filter doesn't send back response immediately, authentication is checked anyway. |
@yujin1st you need an action that handles the options request then, which is excluded from auth. That is what @klimov-paul propsed. |
It seems i misunderstand processes: How should i do such thing for my own rest controller (not activeController)? |
This is done in |
Is there any proper way to get rid of preflight OPTION request when i add authorization in http request. Now my work around is by making a component which extends HttpBearerAuth class and override authenticate function adding following line before the original code
This works but i want to know whether there is a simple and correct way to handle this...
The text was updated successfully, but these errors were encountered: